4 Replies Latest reply on Jul 29, 2003 9:39 AM by Sean Radford

    Jaas & Session Bean methods

    cenos Newbie


      I have a Stateless Session Bean that has 2 methods:
      -setX - (with roles Admin and Common)
      -deleteX - (with role Admin)

      That is, a user with Admin role can setX and deleteX, but with Common, it can only setX...

      The problem is that deleteX is inside setX... (if a variable is set, delete is performed - setX (boolean delete))

      When I call deleteX alone, with a user with Common role, the user is not authorized to delete.

      But when I call setX, that calls deleteX, the user with Common role is authorized and can delete...

      Both methods are with 'Required' transaction.

      Is there a way to the deleteX method inside setX be checked again by JaasSecurityManager?